Define background job configurations in Vulnerability Response

  • Release version: Xanadu
  • Updated August 1, 2024
  • 3 minutes to read

    • Define how many tasks you want to run concurrently for a given background job. You can also set the job to import partitions of data so the tasks complete more quickly and easily and use less of your system resources. You can also cancel a job if you determine it is running too long.

    Before you begin

    Role required: sn_vul.vulnerability_admin or Vulnerability managers with the sn_sec_cmn.manage_background_job granular role

    See the section below the steps for an example.

    Procedure

    1. Navigate to All > Security Operations > Background Job Configurations.
    2. In the Name column, click a record to open it.
    3. Edit the fields.
      Background job record view.
      FieldDescription
      Name Name of the job.
      Configuration ID Read-only. Unique ID used to identify the job.
      Background Job Capability Choose one.
      • Partition and Concurrency Enabled - A job with a long run time can be split up, and the job can be run in parallel with another job of the same type.
      • Concurrency Enabled - The job can be run in parallel with another job of the same type.
      • Cancel Enabled - The job can be can canceled.
      • Concurrency and Cancel Enabled - The job can be run in parallel with another job and be canceled.
      • Partition, Concurrency, and Cancel Enabled - A job with a long run time can be split up, the job can be run in parallel with another job of the same type, and the job can be canceled.
      • None
      The displayed value indicates if a job supports partitioning, concurrency, and cancellation.
      Max Concurrent Threads

      This field is displayed only if concurrency is supported.

      Enter the maximum number of jobs you want this configuration to run in parallel. The number of scheduled jobs supported by your instance is by default 10. You can lower this value if you believe you might use, or have lower system resources available to run your background jobs.
      Active Enable or disable the job

      If a job is disabled, you cannot create jobs of this type. Any existing jobs in the queue will not be processed.
      Enable Partition This field is displayed only if partitioning is supported.

      This option permits you to limit and define the number of items this job can process at one time. The Size of Partition field is also displayed.

      If you leave this field disabled, background jobs that support partitioning process all the items in your instance with this job.
      Size of Partition This field is displayed only if partitioning is supported.

      Default is 10,000 items.

      Enter a value for the number of items per data chunk you want this job to process. This option is available for jobs that process large numbers of records such as VIs, remediation tasks, test results, and test result groups.
      Execution script Displays the job processor that is used to run this job. A default method for jobs that support partitioning is provided.
      Enable Cancel This field is only displayed if job cancellation is supported. This option is supported for jobs that process discovered items and reapply CI rules.
    4. Click Update to save your changes.
      See the following example for how to verify results for your configuration changes.
      There are two Remediation target rules job configurations that are included with the application, one for vulnerable items, one for application vulnerable items:
      • Reapply Remediation Target Rules (VIT)
      • Reapply Remediation Target Rules (AVIT)
      Assume that you change to your remediation target rules and want to reapply them without using most your available system processing resources. To help you limit the processing resources, you can control the number of background jobs you run and the number of items you process per job in the Background Job Configurations module.
    5. To define these settings, navigate to Security Operations > Background Job Configurations and click Reapply Remediation Target Rules (VIT) to open the configuration job record.Background job record view.

      For the sake of the example, say you know you have just over 300 VIs.

    6. On the open configuration job record, change the Partition size value from 4 to 10.
    7. Navigate to Vulnerability Response > Remediation Target Rules, locate the Reapply vulnerability remediation rule you changed, select the record from the list and click Apply Changes to reevaluate your target rules for your existing VIs.
      The Reapply vulnerability remediation rules (VIT) job is queued.
    8. Click the View status link to view the Background job record and verify that the jobs are queued, as shown in the following image.
      For this example, 31 jobs are created to process target rules for 307 VIs (maximum of 10 items per job). These jobs are child jobs of the primary background job. The child jobs process the records sequentially.
      Background child jobs listed.

      When all the jobs successfully complete, the fields are updated on the Background Job record.

      Status complete with updated fields on the Background Job record.
    9. Navigate to your vulnerable items and verify they reflect your new rule change.